User interface for selection of multiple accounts and connection points

ABSTRACT

Embodiments of the present disclosure provide a user interface that enables a user to more easily identify servers that may be used to set access permissions for content items. The method and system described herein includes receiving user credentials that are associated with a user. In response to receiving the user credentials, one or more servers associated with the user credentials are displayed. The one or more servers are configured to manage information rights for a content item created by the user. Upon receiving a selection of one of the one or more servers, a list of one or more templates supported by the selected server is displayed to the user. The one or more templates identify information rights that may be applied to the content item.

BACKGROUND

Document protection enables a user of a computing device to set variousprotection levels on documents so as to prevent sensitive informationcontained in the documents from being printed, forwarded, opened,changed or copied by unauthorized users. However, with current userinterfaces, it is difficult to set user permissions for variousdocuments in a user friendly and straightforward manner.

It is with respect to these and other general considerations thatembodiments of the present disclosure have been made. Also, althoughrelatively specific problems have been discussed, it should beunderstood that the embodiments disclosed herein should not be limitedto solving the specific problems identified in the background.

SUMMARY

This summary is provided to introduce a selection of concepts in asimplified form that are further described below in the DetailDescription section. This summary is not intended to identify keyfeatures or essential features of the claimed subject matter, nor is itintended to be used as an aid in determining the scope of the claimedsubject matter.

Embodiments of the present disclosure provide a user interface thatenables a user to more easily identify servers that may be used to setaccess permissions for a particular content item. More specifically, themethod and system described herein includes receiving user credentialsthat are associated with a user. In response to receiving the usercredentials, a determination is made as to a relationship between theuser and one or more servers. In certain embodiments, the one or moreservers are configured to manage information rights for a content itemcreated by the user. In response to receiving a request to protect thecontent item, a list of the one or more servers is presented to theuser. Upon receiving a selection of one of the one or more servers, alist of one or more templates supported by the selected server isdisplayed to the user. The one or more templates identify informationrights that may be applied to the content item by the selected server.

Embodiments may be implemented as a computer process, a computing systemor as an article of manufacture such as a computer program product orcomputer readable media. The computer program product may be computerstorage media readable by a computer system and encoding a computerprogram of instructions for executing a computer process. The computerprogram product may also be a propagated signal on a carrier readable bya computing system and encoding a computer program of instructions forexecuting a computer process.

BRIEF DESCRIPTION OF THE DRAWINGS

Non-limiting and non-exhaustive embodiments are described with referenceto the following figures.

FIG. 1 illustrates a system for setting user access permissions for acontent item according to one or more embodiments.

FIG. 2 illustrates a method for setting user access permissions for acontent item according to one or more embodiments.

FIGS. 3, 4, and 5 illustrate exemplary user interfaces for setting useraccess permissions of a content item according to one or moreembodiments.

FIG. 6 illustrates a block diagram of a computing environment suitablefor implementing embodiments disclosed herein.

DETAILED DESCRIPTION

Various embodiments are described more fully below with reference to theaccompanying drawings, which form a part hereof, and which show specificexemplary embodiments. However, embodiments may be implemented in manydifferent forms and should not be construed as limited to theembodiments set forth herein; rather, these embodiments are provided sothat this disclosure will be thorough and complete, and will fullyconvey the scope of the embodiments to those skilled in the art.Embodiments may be practiced as methods, systems or devices.Accordingly, embodiments may take the form of a hardware implementation,an entirely software implementation or an implementation combiningsoftware and hardware aspects. The following detailed description is,therefore, not to be taken in a limiting sense.

Embodiments disclosed herein are directed to setting user accesspermissions for various content items created by a user. In certainembodiments, a user is presented with a list of servers that may be usedto set user access permissions for the content items. As will bediscussed, prior to using a particular server, the user, or a computingdevice being operated by the user, may be required to have anestablished relationship with each server in the list of servers.However, in another embodiment, only the computing device that is beingoperated by the user may be required to have the establishedrelationship. In such cases, each user of the computing device,regardless of which user submitted user credentials to access thecomputing device, may view and access each of the available servers inthe list. Such a configuration may be useful with a multi-tenantcomputing device where (i) a second user may be using a first user'suser credentials to gain access to the computing device but still wantsthe ability to use servers and templates that are specific to the seconduser or (ii) where single user has two accounts (e.g., email accounts)at two different companies. In yet another embodiment, if multiple usersare using different operating systems accounts, each user's data will beisolated.

FIG. 1 illustrates a system 100 for setting user access permissions fora content item 125. More particularly, the system 100 may be used topresent an information rights management user interface that enables acreator of the content item 125 (e.g., document, presentation, email,workbook etc.) to easily choose a server that may be used to setinformation rights of the content item 125.

Information Rights Management (IRM) allows a creator or user of thecontent item 125, or a system administrator, to specify accesspermissions to the content item 125. IRM helps prevent sensitiveinformation contained in the content item 125 from being distributed,changed, printed, read etc., without permission from the creator of thecontent item or an administrator of the system from which the contentitem originated. Once access permissions for a content item 125 havebeen restricted using IRM, the access and usage restrictions may beenforced regardless of where the content item 125 is located. In certainembodiments, the enforcement may be maintained because the permissionsto access the content item 125 is stored in the content item 125 itself.

As shown in FIG. 1, the system 100 includes a computing device 120. Thecomputing device 120 may be a desktop or laptop computer, a tabletcomputer, a mobile phone, a personal digital assistant and the like.Among other components, the computing device 120 includes an operatingsystem that executes one or more applications 130. The applications 130may be word processing applications, spreadsheet applications, databaseapplications, email applications, and the like. Each application 130 mayalso include an information rights management user interface that isdisplayed to a first user 110 when the first user 110 desires to setaccess permissions for a content item 125 generated by the application130.

In certain embodiments, a first user 110 may be required to submit usercredentials 115 to one or more of (i) the operating system, in order tolog in to the operating system, or (ii) to one or more applications 130being executed by the computing device 120. The user credentials 115 mayinclude a user name and password or other input that is associated withand identifies the first user 110. For example, the user credentials 115may include a WINDOWS LIVE ID, an email address and associated password,a username and password, an organization ID, an operating system log onID etc. In an embodiment, the first user 110 may use single sign-oncredentials which enable the first user 110 to access (i) the operatingsystem, and (ii) the one or more applications 130 by entering the usercredentials 115 at a single point in time. Alternatively, different usercredentials 115 may be required for (i) the operating system, and (ii)the one or more applications 130.

According to one or more embodiments, the computing device 120 may beshared between multiple users, such as, for example, first user 110 andsecond user 165. Although in certain embodiments a user of the computingdevice 120 may submit user credentials 115, the submission of usercredentials may not be required for all users of the computing device120. For example, as shown in FIG. 1, second user 165 may access thecomputing device 120 and utilize one or more applications 130 withoutproviding user credentials. This may be due to the fact that the firstuser 110 has already logged in to the computing device. In analternative embodiment, the computing device 120 may not require usercredentials from either user. Accordingly, once second user 165 accessesthe computing device 120, second user 165 may also protect one or morecontent items using the methods described herein. Such embodiments willbe described in detail below with reference to FIG. 5. In still yetanother embodiment, although the computing device 120 may not requireuser credentials, a sever (e.g., first server 160 or second server 170)may require the user to input user credentials.

In certain embodiments, first user 110 may have access to one or moreservers (e.g., first server 160 and second server 170). first server 160and/or second server 170 may be Rights Management Service (RMS) serversthat apply information rights or access permissions for one or morecontent items 125 created by the first user 110. For example, first user110 may be employed at a first entity and have an email addressassociated with the first entity. first server 160 may be configured toapply information rights to one or more content items 125 generated bythe first user 110 at the first entity. However, first user 110 may alsobe a consultant at a second entity and have another email address (orother account) associated with the second entity. Additionally, thesecond entity may also have a server, such as, for example, secondserver 170 that may be configured to apply information rights to one ormore content items 125 generated by the first user 110 at the secondentity.

Because the first user 110 has multiple accounts, each of which isassociated with different servers, the user interfaces described hereinenable the first user 110 to view each available server associated withthe first user 110 or the computing device 120 currently being used bythe first user 110, as well as the information rights that each serveris able to apply to each content item generated by the first user 110.Although two servers are shown in FIG. 1, it is contemplated that afirst user 110 may have access to a single server. It is alsocontemplated that the first user 110 may have access to, or haveestablished a relationship with, more than two servers.

In certain embodiments, the relationship between the first user 110 andfirst server 160 and second server 170 may be established by anadministrator of the system 100. Continuing with the example above, iffirst server 160 was operated by a first entity and second server 170was operated by a second entity, an administrator associated with eachentity may establish a trust relationship between the two servers. As aresult of the established relationship, the first user 110 may protect acontent item 125 using either server using a single user interface.Because the information is presented in a single user interface, thefirst user 110 may not have to log in to a different computing device,submit different user credentials 115 at a log in screen of an operatingsystem or application, or keep track available servers and associatedcredentials of each server.

In another embodiment, a relationship between the first user 110 and aserver, such as, for example, second server 170 may be established whenanother user (e.g., third user 175) communicates a protected contentitem 126 (that was protected using a server to which third user 175 hadaccess such as, for example, second server 170) to the first user 110.When the first user 110 receives the protected content item 126, thefirst user 110 may be required to submit verification data. Once theverification data is received and accepted, such as will be describedbelow, the computing device 120 of the first user 110 stores theassociation between the first user 110 and the second server 170 (e.g.,user/server associations 140). Thereafter, the first user 110 mayutilize second server 170 to manage information rights of one or morecontent items created by the first user 110.

As discussed above, a first user 110 may manage information rights of acontent item using a particular server. For example, if first user 110creates a content item 125, such as a document, and desires to protectthe content item 125 using information rights management, the first user110, via a user interface associated with the application that createdthe content item 125, is presented with one or more servers (e.g., firstserver 160 or second server 170) to which the first user 110 (orcomputing device 120) has an established relationship with. In certainembodiments, such as when the user has a single operating systemaccount, the user interface will display all user/server connectionpairs that have been established on the computing device 120 regardlessof which user is currently logged in. In certain embodiments, the serverselected by the first user 110 is used to apply information rightspolicy to the content item 125.

Each server has an associated generic information rights template thatis specific to that server. For example, the server's generic templatemay include “Restricted Access” permissions or “Do Not Forward”permissions. However, it is contemplated that a server may haveadditional information rights templates with additional permissions. Incertain embodiments, each information template is used to set accesspermissions (e.g., read only permissions, read and write permissionsetc.) of the content item 125. Once the access permissions for thecontent item 125 have been set, the first user 110 may communicate thecontent item 125 to a recipient user (e.g., third user 175) over anetwork (not shown) or using other communication means.

When the recipient user receives the content item 125 from the firstuser 110 and attempts to open the content item 125, the recipient usersupplies to the server (e.g., the server that was used to apply theinformation rights to the content item 125) (i) an RMS accountcertificate that is embedded in the publishing license that is embeddedin the content item that defines the usage policy the content item 125and (ii) an RMS account certificate, each of which were provided to therecipient user when the relationship between the User's 110 server andthe recipient's server or computing device was established. If therecipient user is allowed access to the content item 125, the recipientuser receives a use license 127 that establishes that the user has validaccess to the content item 125 for a specific amount of time. Therecipient user may access the content item based on the use license 127.

As discussed above, each server has associated information rightstemplates (e.g., templates) that define access permissions or rightsthat may be set for each content item 125. More specifically, a templatecontains a usage policy that is used to create the publishing licensewhen the content item 125 is protected using that particular template.For example, the template is used to identify authorized users and theactions the authorized users are allowed to take with the content item.Such actions may include for example, permissions to read, write to,forward, or print the content item 125. In certain embodiments, thetemplate may also set a time limit on each of the permissions listedabove. Once the time limit has expired, the recipient user may berequired to re-verify their credentials with the server. If the user'scredentials are still valid, the user regains access to the content item125.

As discussed above, the computing device 120 is configured to store eachuser/server association 140. In certain embodiments, the user/serverassociation 140 includes all servers for which the first user 110 has anestablished relationship (e.g., via an administrator or by receivingprotected content from another user). In certain embodiments, theuser/server association 140 is based, at least in part on the usercredentials 115. In another embodiment, the user/server associations 140are stored on the computing device 120 for each user who accesses thecomputing device 120 and establishes a relationship with a server.Thereafter, each user that accesses the system and desires to protect acontent item may view each server with which the computing device 120has an established relationship. Along with storing each user/serverassociation 140, the computing device 120 may also store one or moreserver templates 150. As discussed above, each server is associated witha particular set of templates. Therefore, one server may have one set oftemplates while another sever has a second, different set of templates.

FIG. 2 illustrates a method 200 for setting access permissions of acontent item according to one or more embodiments. For example, a user,such as first user 110 (FIG. 1) may employ the method 200 to setinformation rights policies for a content item 125 using a userinterface provided in association with an application 130 that createdthe content item such as described above with respect to FIG. 1.

Method 200 begins at operation 210 where user credentials are receivedby an operating system of a computing device or by an application beingexecuted on the computing device. In certain embodiments, the user maynot be required to submit user credentials prior to accessing theoperating system or one or more of the applications. In such instances,if a user desires to protect a content item, a list of available userand server associations are presented to the user via a user interfacesuch as will be described in greater detail below. In embodiments whereuser credentials are required, a user may submit single sign-oncredentials that enable the user to access the operating system and/orone or more applications that the user is authorized to use.

Once the user credentials are received, flow continues to operation 220in which a request to set access permissions for a content item isreceived (e.g., by the computing device). In response to the request, auser interface is displayed to a user. In certain embodiments, the userinterface is associated with an application that created the contentitem to be protected. As part of the user interface, a list of one ormore user/server associations is output on the user interface. In anembodiment, the list of user/server associations is based on a trustrelationship between entities or servers that is set up by anadministrator. In such embodiments, the administrator may set up thetrust relationship for each user of the computing device (e.g., inmulti-tenant scenarios) or for select users of the computing device. Inanother embodiment, the list of user/server associations is establishedwhen a user of the computing device receives a protected content itemsuch as described above. Thus, if a user (or multiple different users ina multi-tenant environment) received protected content items from twodifferent servers, a user/server relationship would be establishedbetween each user/server pair. As discussed above, the list ofuser/server associations may be maintained and stored on the computingdevice. In another embodiment, the list of user/server associations maybe stored remotely and accessed by the computing device over a networkconnection or other communication channel.

In certain embodiments, it may be determined by the computing devicethat, based on user credentials of a particular user, the user hasaccess to a single server with which to protect a content item. In suchcases, the user interface does not display the single available server.Instead, the user interface may be configured to display a list of oneor more templates associated with the single server.

For example, referring to FIG. 3, FIG. 3 illustrates a user interface300 that displays one or more templates that are associated with asingle server. The association between the single server and the usermay be based, at least in part, on the user credentials submitted by theuser. In another embodiment, the association between the user and theserver may be based on the computing device, or the user, havingpreviously established a relationship with the server (e.g., via anadministrator, receiving a protected content item, etc.).

As shown in FIG. 3, upon selection of an option to restrict accesspermissions 310 of a content item, a template list 320 having one ormore templates 330 is presented on the user interface 300. For example,as shown in FIG. 3, the template list 320 includes various differenttemplates such as, “Unrestricted Access,” “Restricted Access,” “Do NotReply All,” etc. The template list may also include other templates thatare specific to certain products. For example, one product may include a“Do Not Forward” template that is specific to that product or version.In certain embodiments, the templates 330 may be defined by anadministrator. In another embodiment, the templates 330 may be definedby a user. In still yet another embodiment, the templates 330 may bepredefined by the application that generated the content item.

Once the template list 320 has been presented to the user, the user mayselect a template 330 from the template list 320 to set the desiredaccess permissions for the content item. If the desired template 330 isnot displayed in the template list 320, the user may select an icon 340which presents additional available templates 330 to the user (e.g., byexpanding or scrolling the list of templates 330).

Referring back to FIG. 2, as discussed above, in response to a userrequest to set access permissions for a particular content item, a userinterface is displayed 230 that lists the user/server associations. Inresponse to receiving 240 a user selection of a particular server, alist of templates associated with the selected server is displayed 250to the user. In certain embodiments, and as shown in FIG. 4, the list ofservers and associated templates are displayed in a nestedconfiguration. Such a configuration enables the user to simultaneouslyview each available server and to view templates of each availableserver in a single user interface. An exemplary embodiment is shown inFIG. 4.

Referring to FIG. 4, FIG. 4 illustrates an exemplary user interface 400that displays a list of servers 420 that are available to the user. Incertain embodiments, the list of servers 420 is generated and displayedbased on the user credentials submitted by the user. In anotherembodiment, the list of servers 420 is based on previously establishedrelationships between each of the servers in the list of servers 420 andthe computing device currently in use. In multi-tenant environments,(e.g., where a first user and a second user share a single computingdevice), a first user may be able to see choices for servers associatedwith the second server and vice versa. In other embodiments, the list ofavailable servers is filtered to show only user/server combinationsspecific to the user associated with user credentials used toauthenticate the user to the computing device.

In an embodiment, when a user wishes to restrict access rights of acontent item, the user accesses a user interface 400 and selects anoption to restrict the access rights 410 of the particular content item.As discussed above, the user interface 400 may be associated with anapplication that was used to generate the particular content item. Inresponse to the user selection, a list 420 of one or more servers 425 isdisplayed via the user interface 400.

In the exemplary user interface 400 illustrated by FIG. 4, thisparticular user has access to both a “Microsoft” server and a “Contoso”server. Therefore, this particular user, or the computing devicecurrently being used by the user, has, at one point in time, establisheda relationship with each of the servers such as was described above withrespect to FIG. 1. As a result of having an established relationshipwith each server, this particular user also has access to the templatesfor each server.

In response to the user selecting one of the servers 425 from the listof servers 420 (e.g., the “Microsoft” server), a template list 430having one or more templates 440 is provided to the user via the userinterface 400. As shown in FIG. 4, the list of servers 420 and the listof templates 430 are displayed in a nested configuration. Such aconfiguration allows the user to easily navigate between each of theservers without having to re-enter user credentials each time the userdesires to access a different server.

For example, although the “Microsoft” server in the list of severs 420is currently selected, the user may select the “Contoso” server on thesame interface 400. Once the “Contoso” server has been selected, theuser interface 400 displays one or more information rights templatesassociated with the user's “Contoso” account. As discussed, this list oftemplates may be different from the list 430 shown for the “Microsoft”server. If a desired template 440 is not displayed in the list oftemplates 430, the user may select an icon 450 to view additionaltemplates that are available for the selected server 425.

Referring back to FIG. 2, once the available information rightstemplates have been displayed to the user, a selection of the desiredtemplate is received 260 (e.g., by the computing device). Access to thecontent item is then protected 270 by the selected server based on theselected template.

As discussed above, a user may be required to submit user credentialsprior to accessing an operating system or an application on thecomputing device. However, in another embodiment, a user may not berequired to submit user credentials. In such instances, the current userof the computing device may still view and select one or more serversand the set of information rights templates that are associated witheach server. An exemplary user interface 500 that illustrates such anembodiment is shown by FIG. 5.

In an embodiment, a user of a computing device may have access to andview one or more available servers that are configured to set accessrights for a content item even if the identity of the current user isunknown (e.g., the current user has not submitted user credentials). Forexample, if a current user of a computing device desires to restrictaccess to a content item, the current user selects, via the userinterface 500, an option to set access rights 510 for a particularcontent item. In certain embodiments, the user interface 500 isassociated with an application that was used to generate the contentitem. In response to the selection to restrict access 510 to the contentitem, the user interface 500 displays a list of servers 520 that have,at one time, been associated with either a user of the computing deviceor the computing device itself. As discussed above, the user/serverassociation may have been made by one user logging in to the computingdevice and establishing a relationship with one or more servers such asdescribed above. In another embodiment, the relationship between theuser and servers may have been established as a result of a user of thecomputing device having received a protected content item.

For example, as shown in FIG. 5, the list of servers 520 may include a“Microsoft” server, a “Contoso” server, and two “Windows Live” servers.Although specific servers have been mentioned and shown in FIG. 5, theservers mentioned are for illustrative purposes and it is contemplatedthat may different servers may be used. However, because each server isassociated with a particular user, and because the current user has notpresented user credentials in this exemplary embodiment, the computingdevice does not know which user is currently accessing the computingdevice. As a result, additional identifiers may be included in the listof servers to assist the user in selecting the correct server.

For example, as shown in FIG. 5, each of the “Windows Live” servers inthe list of servers 530 includes an identifier 525 such as, for example,an email address (e.g., a@live.com and b@live.com). Using the identifier525, the current user is able to easily select the correct user/servercombination and subsequently the desired template. Although an emailaddress is specifically mentioned, it is contemplated that anotheridentifier may be used to identify a particular user when duplicateserver entries are displayed in the list of servers 520. For example,the identifier may be a username, an icon, an avatar or the like.

Once the appropriate server has been identified and selected by thecurrent user, a list of templates 530 having one or more templates 540is displayed. As discussed above, the list of servers 520 and thetemplates 540 associated with each server are displayed in a nestedconfiguration. Such a configuration enables the current user of thecomputing device to view and select the correct server and desiredtemplate when protecting the content item. The list of templates 530 mayalso include an icon 550 for viewing additional templates 540 in thelist of templates 530.

FIG. 6 illustrates a general computer system 600, which can be used toimplement the embodiments described herein. The computer system 600 isonly one example of a computing environment and is not intended tosuggest any limitation as to the scope of use or functionality of thecomputer and network architectures. Neither should the computer system600 be interpreted as having any dependency or requirement relating toany one or combination of components illustrated in the example computersystem 600. In embodiments, system 600 may be used as the computingdevice 120 described above with respect to FIG. 1.

In its most basic configuration, system 600 typically includes at leastone processing unit 602 and memory 604. Depending on the exactconfiguration and type of computing device, memory 604 may be volatile(such as RAM), non-volatile (such as ROM, flash memory, etc.) or somecombination. This most basic configuration is illustrated in FIG. 6 bydashed line 606. System memory 604 stores instructions 620, such as theinstructions to associate a user with one or more servers the for whichthe user has access, and data 622 such as the one or more templatesassociated with each server that may be stored in a file storage systemwith storage such as storage 608.

The term computer readable media as used herein may include computerstorage media. Computer storage media may include volatile andnonvolatile, removable and non-removable media implemented in any methodor technology for storage of information, such as computer readableinstructions, data structures, program modules, or other data. Systemmemory 604, removable storage, and non-removable storage 608 are allcomputer storage media examples (e.g. memory storage). Computer storagemedia may include, but is not limited to, RAM, ROM, electricallyerasable read-only memory (EEPROM), flash memory or other memorytechnology, CD-ROM, digital versatile disks (DVD) or other opticalstorage, magnetic cassettes, magnetic tape, magnetic disk storage orother magnetic storage devices, or any other medium which can be used tostore information and which can be accessed by computing device 600. Anysuch computer storage media may be part of device 600. Computing device600 may also have input device(s) 614 such as a keyboard, a mouse, apen, a sound input device, a touch input device, etc. In anotherembodiment, the computing device 600 may be coupled to a camera (notshown) that may be operative to record a user and capture motions and/orgestures made by a user. Consistent with other embodiments describedherein, the camera may comprise any motion detection device capable ofdetecting the movement of the user. For example, the camera may comprisea Microsoft® Kinect® motion capture device comprising a plurality ofcameras and a plurality of microphones. Output device(s) 616 such as adisplay, speakers, a printer, etc. may also be included. Theaforementioned devices are examples and others may be used.

The term computer readable media as used herein may also includecommunication media. Communication media may be embodied by computerreadable instructions, data structures, program modules, or other datain a modulated data signal, such as a carrier wave or other transportmechanism, and includes any information delivery media. The term“modulated data signal” may describe a signal that has one or morecharacteristics set or changed in such a manner as to encode informationin the signal. By way of example, and not limitation, communicationmedia may include wired media such as a wired network or direct-wiredconnection, and wireless media such as acoustic, radio frequency (RF),infrared, and other wireless media.

Embodiments disclosed may be practiced via a system-on-a-chip (SOC)where each or many of the components illustrated in FIG. 6 may beintegrated onto a single integrated circuit. Such an SOC device mayinclude one or more processing units, graphics units, communicationsunits, system virtualization units and various application functionalityall of which are integrated (or “burned”) onto the chip substrate as asingle integrated circuit. When operating via an SOC, the functionality,described herein, with respect to providing continuous access to aresource may operate via application-specific logic integrated withother components of the computing device/system 600 on the singleintegrated circuit (chip).

Reference has been made throughout this specification to “oneembodiment” or “an embodiment,” meaning that a particular describedfeature, structure, or characteristic is included in at least oneembodiment. Thus, usage of such phrases may refer to more than just oneembodiment. Furthermore, the described features, structures, orcharacteristics may be combined in any suitable manner in one or moreembodiments.

One skilled in the relevant art may recognize, however, that theembodiments may be practiced without one or more of the specificdetails, or with other methods, resources, materials, etc. In otherinstances, well known structures, resources, or operations have not beenshown or described in detail merely to avoid obscuring aspects of theembodiments. In addition, terms such as “first,” “second,” “third” andthe like are used herein to distinguish between elements and betweenprocesses; however, no particular order or importance is implied by suchterms unless otherwise stated.

While example embodiments and applications have been illustrated anddescribed, it is to be understood that the embodiments are not limitedto the precise configuration and resources described above. Variousmodifications, changes, and variations apparent to those skilled in theart may be made in the arrangement, operation, and details of themethods and systems disclosed herein without departing from the scope ofthe claimed embodiments.

We claim:
 1. A method for providing access permissions for a contentitem, the method comprising: receiving user credentials that identify auser of a computing device; determining a relationship between the userand one or more servers, wherein the one or more servers are configuredto manage information rights for a content item created by the user; inresponse to receiving a request to protect the content item, displayinga list of the one or more servers; and upon receiving a selection of oneof the one or more servers, displaying one or more templates supportedby the selected one of the one or more servers, wherein the one or moretemplates identify information rights to be applied to the content itemby the selected one of the one or more servers.
 2. The method of claim1, further comprising in response to receiving selection of a templateof the one or more templates, protecting the content item usinginformation rights of the selected template.
 3. The method of claim 1,wherein the relationship between the user and the one or more servers isestablished by an administrator.
 4. The method of claim 1, wherein therelationship between the user and the one or more servers is establishedwhen a protected content item is received from another user, wherein theprotected content item is protected by the one or more servers.
 5. Themethod of claim 1, wherein displaying a list of one or more serversincludes displaying an email address associated with at least one of theone or more servers.
 6. The method of claim 1, wherein at least one ofthe one or more templates supported by each of the one or more serversis specific to each of the one or more servers.
 7. The method of claim1, wherein the list of one or more servers is maintained locally.
 8. Themethod of claim 1, wherein the user credentials are associated with anapplication used to create the content item.
 9. A computer-readablestorage medium encoding computer executable instructions that, whenexecuted by at least one processor, perform a method for providingaccess permissions for a content item, the method comprising: receivinguser credentials that identify a user of a computing device; determininga relationship between the user and one or more servers, wherein the oneor more servers are configured to manage information rights for acontent item created by the user; in response to receiving a request toprotect the content item, displaying a list of the one or more servers;and upon receiving a selection of one of the one or more servers,displaying one or more templates supported by the selected one of theone or more servers, wherein the one or more templates identifyinformation rights to be applied to the content item by the selected oneof the one or more servers.
 10. The computer-readable storage medium ofclaim 9, the method further comprising protecting the content item usinginformation rights associated of the selected template in response toreceiving a selection of a template of the one or more templates. 11.The computer-readable storage medium of claim 9, wherein therelationship between the user and the one or more servers is establishedby an administrator.
 12. The computer-readable storage medium of claim9, the method further comprising establishing a relationship between theuser and the one or more servers when a protected content item isreceived from another user, wherein the protected content item isprotected by the one or more servers.
 13. The computer-readable storagemedium of claim 9, wherein displaying a list of one or more serversincludes displaying an email address associated with at least one of theone or more servers.
 14. The computer-readable storage medium of claim9, wherein at least one of the one or more templates supported by eachof the one or more servers is specific to each of the one or moreservers.
 15. The computer-readable storage medium of claim 9, whereinthe list of one or more servers is maintained locally.
 16. Thecomputer-readable storage medium of claim 9, wherein the usercredentials are associated with an application used to create thecontent item.
 17. A computer system for setting access permissions for acontent item, the system comprising: one or more processors; and amemory coupled to the one or more processors, the memory for storinginstructions that, when executed by the one or more processors, causethe one or more processors to perform a method, the method comprising:receiving user credentials that identify a user of a computing device;determining a relationship between the user and one or more servers,wherein the one or more servers are configured to manage informationrights for a content item created by the user; in response to receivinga request to protect the content item, displaying a list of the one ormore servers; and upon receiving a selection of one of the one or moreservers, displaying one or more templates supported by the selected oneof the one or more servers, wherein the one or more templates identifyinformation rights to be applied to the content item by the selected oneof the one or more servers, and wherein the list of the one or moreservers and the one or more templates associated with at least one ofthe one or more servers are displayed in a nested configuration on asingle user interface.
 18. The computer system of claim 17, the methodfurther comprises protecting the content item using information rightsof the selected template in response to receiving a selection of atemplate of the one or more templates.
 19. The computer system of claim17, wherein the relationship between the user and the one or moreservers is established by an administrator.
 20. The computer system ofclaim 17, wherein the relationship between the user and the one or moreservers is established when a protected content item is received fromanother user, wherein the protected content item is protected by the oneor more servers.